SP2 Firewall stops VPN connection

Guest

I have Googled this problem to death, and found no solution. I turn to this
thread for help.

My set-up: XP Pro computer on home LAN, connected as follows:

My computer
!
D-Link DI-604 Router/Internet Gateway
!
ADSL modem
!
Internet

A time ago I used the XP Pro VPN client to set up a PPTP VPN connection to
my "Employer's server". Therefore, my Network Connections window shows
"Internet Connection", "Local Area Connection" and "Virtual Private Network,
Employer's server".

By enabling the "VPN Pass-Thru, PPTP" option on my DI-604 router, I have
successfully VPN'ed to my "Employer's server".

The problem started when I installed XP SP2. With the Windows Firewall "on",
I cannot make the VPN connection.

If I turn the Windows Firewall "off", the VPN connection can be successfully
completed.

Using the Windows Firewall activity log (pfirewall.log), I logged three
separate attempts to make the VPN connection while the Windows Firewall was
"on". Each attempt stalled and ultimately failed as follows:

date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

26/5/05 10:47:38 OPEN TCP 192.168.0.101 222.333.444.555 2506 1723 - - - - - - - - -
26/5/05 10:47:40 DROP TCP 222.333.444.555 192.168.0.101 1723 2506 72 AP 4148137482 1112083982 17356 - - - RECEIVE
26/5/05 10:49:40 CLOSE TCP 192.168.0.101 222.333.444.555 2506 1723 - - - - - - -

26/5/05 12:15:01 OPEN TCP 192.168.0.101 222.333.444.555 1861 1723 - - - - - - - - -
26/5/05 12:15:03 DROP TCP 222.333.444.555 192.168.0.101 1723 1861 72 AP 2982775699 1704473147 17356 - - - RECEIVE
26/5/05 12:17:03 CLOSE TCP 192.168.0.101 222.333.444.555 1861 1723 - - - - - - -

26/5/05 12:20:11 OPEN TCP 192.168.0.101 222.333.444.555 2181 1723 - - - - - - - - -
26/5/05 12:20:13 DROP TCP 222.333.444.555 192.168.0.101 1723 2181 72 AP 944672026 916574642 17356 - - - RECEIVE
26/5/05 12:22:13 CLOSE TCP 192.168.0.101 222.333.444.555 2181 1723 - - - - - - -

In each instance I got "Error 800: Unable to establish the VPN connection".

Note that my DI-604 router uses NAT filtering; my computer's DHCP-assigned
LAN address is 192.168.0.101; my Employer's server is at 222.333.444.555
(fictitious).

Note also that the "local" source/destination port is different in each
instance (2506, then 1861, then 2181). As best I can tell, the DI-604
continuously cycles thru ports, opening and closing them. When the VPN
connection is initiated, whichever port is next in the "cycle" is the one
selected for the VPN connection. I hope I am right/this makes sense.

Anyhow, the question is: How can I successfully complete my VPN connection
while the Windows Firewall is "on"?

Thank you in advance for your helpful answers.
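
An added example, not part of the original post: a small parser for the pfirewall.log entries quoted above that pairs each OPEN record with any later DROP on the reversed address/port tuple, which is the pattern all three attempts show (the firewall logs the outbound connection to port 1723 as opened, then drops the server's reply two seconds later). The sample lines are copied from the post with the wrapped lines rejoined; the function names and the underscore field names are illustrative.

```python
from collections import namedtuple

# Field order from the header line quoted in the post ('-' replaced by '_').
FIELDS = ("date time action protocol src_ip dst_ip src_port dst_port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()
Entry = namedtuple("Entry", FIELDS)

# The three attempts from the post (222.333.444.555 is the poster's fictitious IP).
SAMPLE = """\
26/5/05 10:47:38 OPEN TCP 192.168.0.101 222.333.444.555 2506 1723 - - - - - - - - -
26/5/05 10:47:40 DROP TCP 222.333.444.555 192.168.0.101 1723 2506 72 AP 4148137482 1112083982 17356 - - - RECEIVE
26/5/05 10:49:40 CLOSE TCP 192.168.0.101 222.333.444.555 2506 1723 - - - - - - -
26/5/05 12:15:01 OPEN TCP 192.168.0.101 222.333.444.555 1861 1723 - - - - - - - - -
26/5/05 12:15:03 DROP TCP 222.333.444.555 192.168.0.101 1723 1861 72 AP 2982775699 1704473147 17356 - - - RECEIVE
26/5/05 12:17:03 CLOSE TCP 192.168.0.101 222.333.444.555 1861 1723 - - - - - - -
26/5/05 12:20:11 OPEN TCP 192.168.0.101 222.333.444.555 2181 1723 - - - - - - - - -
26/5/05 12:20:13 DROP TCP 222.333.444.555 192.168.0.101 1723 2181 72 AP 944672026 916574642 17356 - - - RECEIVE
26/5/05 12:22:13 CLOSE TCP 192.168.0.101 222.333.444.555 2181 1723 - - - - - - -
"""

def parse(text):
    """Yield one Entry per record; records with fewer fields are padded with '-'."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 8 or line.startswith("#"):
            continue  # blank line, comment header or truncated record
        parts += ["-"] * (len(FIELDS) - len(parts))
        yield Entry(*parts[:len(FIELDS)])

def dropped_replies(entries):
    """Return (open, drop) pairs where the DROP is return traffic for an open flow."""
    open_flows = {}  # (proto, src_ip, src_port, dst_ip, dst_port) -> OPEN Entry
    findings = []
    for e in entries:
        key = (e.protocol, e.src_ip, e.src_port, e.dst_ip, e.dst_port)
        reverse = (e.protocol, e.dst_ip, e.dst_port, e.src_ip, e.src_port)
        if e.action == "OPEN":
            open_flows[key] = e
        elif e.action == "CLOSE":
            open_flows.pop(key, None)
        elif e.action == "DROP" and reverse in open_flows:
            findings.append((open_flows[reverse], e))
    return findings

if __name__ == "__main__":
    for opened, drop in dropped_replies(parse(SAMPLE)):
        print(f"{drop.date} {drop.time}: dropped reply from {drop.src_ip}:"
              f"{drop.src_port} for flow opened at {opened.time}")
```
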
 
RRR_News

AriNZ,
By the way, if the PC is constantly connected to the D-Link router, you don't
need to have XP Firewall program running. There is a firewall built into the
router. But if you want to run Windows firewall, or this is a laptop that you
take to work. You may also want to go to D-Link and update the firmware for
the router. It looks like the E version had an upgrade as late as 12/04,
which might help with the SP2 upgrade.

http://d-link.com/products/support.asp?pid=62&pv=17&sec=0

You may need to reset the Windows Firewall after the SP2 upgrade.

Control Panel> Security> Click on Windows Firewall icon, at the bottom of
page> Exceptions tab> Check box for VPN pass through> You may need to add
that program to the exceptions list.

--

Click on Link to Add MS to your News Reader: news://msnews.microsoft.com
Rich/rerat

(RRR News) <message rule>
<<Previous Text Snipped to Save Bandwidth When Appropriate>>


